US election day faces specter of cyberattacks

Don't be surprised if hackers make their presence felt on U.S. Election Day. Distributed denial-of-service attacks and high-profile leaks are among the tactics they might use if they try to influence Tuesday's vote.

Cybersecurity experts stress it would be incredibly difficult to hack the U.S. election. The system itself is distributed across the country over thousands of voting jurisdictions, making it hard to tamper with on a wide scale.

But hackers could still attempt to sow chaos on Election Day in other ways. The tools and infrastructure to do so are already in place.

Last month, the U.S. experienced a massive DDoS attack from a malware called Mirai that is freely available on the internet. That attack -- which flooded internet connections with too much traffic -- disrupted access to many popular sites, especially for users on the East Coast.

Hackers could very well try to launch another DDoS attack on Election Day, said Travis Smith a security researcher at Tripwire. This might involve targeting services such as maps or government sites that can tell voters their polling locations.

"A worst-case scenario is the attack that targets a certain county that leans Republican or Democrat and lowers voter turnout," he said.

However, even if the attack occurred, voters could still find ways to cast their ballots. Election jurisdictions, for instance, are known to mail voters the physical address to the polling location before hand, Smith said.

Voters can also search for their polling location on Google, a site built to withstand large-scale DDoS attacks.

Still, polling location websites aren't the only possible target. For instance, carpooling sites that help voters reach their polling destination could also be attacked, said Robert Hamilton, a director of product marketing with security firm Imperva.

"The number one reason voters cite not going to the polls is they couldn't get a ride," he added.

Many of these carpooling sites are run by small business and could be easily taken down by a DDoS attack, Hamilton said. Imperva, however, is offering free DDoS mitigation services to any carpooling and polling place websites during election day.

"You just need to give us a call. It only takes half an hour to set up," he said.

Hackers wanting to influence this year's election have already succeeded to some extent. The U.S. government is concerned that Russia has been allegedly trying to sway voter sentiment by hacking political targets and then leaking sensitive information online.

Both WikiLeaks and a hacker named Guccifer 2.0 have been the source of some of those leaks, which have potentially damaged Democrat Hillary Clinton's election chances.

Security experts are wondering if another high-profile leak -- whether true or false --might drop on Election Day right as many voters cast their ballots.

"I think that's absolutely a possibility," said Justin Fier, director of cyber intelligence and analysis with security firm Dark Trace. "It's really very difficult in these cases to vet that information and to declare it to be authentic."

Last Friday, the hacker Guccifer 2.0 attempted to rally hackers and his supporters to his cause when he warned that Democrats could rig Tuesday's election. He previously leaked files stolen from the Democratic National Committee.

However, Guccifer 2.0 has also been caught faking claims, with him saying he hacked the Clinton Foundation and providing evidence that was later debunked. On Friday, he alleged he had become an "independent election observer" by registering himself with the U.S. Federal Election Commission.

The FEC, however, has nothing to do with casting ballots. Instead, the agency oversees campaign finance rules. It does not register election observers.

To prevent a possible disruption on Tuesday, the U.S. government has been working with local election jurisdictions on security. All 50 states have sought federal assistance with protecting election systems from cyber attack, a Department of Homeland Security official said on Friday.

Nevertheless, that might not be enough to assuage concerns over Election Day hacking. The appearance of any cyberattack on Tuesday might set off doubts that the U.S. voting system has been rigged.

"For people who don't understand botnets or DDoS attacks, they might think the problem is really bigger than it is," Hamilton said.

"This can get wrapped up into a big ball of anxiety," he added. "But we have nothing to fear but fear itself."

Copyright 2017 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.